If an infected device connects to an enterprise network, the attacker can either bypass the NAT device to attack the internal server or download sensitive data using the infected device as a springboard, said the report by software security leader Trend Micro.

Trend Micro's "Mobile App Reputation Service" (MARS) has counted 16.6 million malware detections as of August this year -- a 40 per cent leap from detections listed in January.

The apps affected include recreational types like games, skins, and themes to phone optimisation boosters. The malicious code only makes for a small part of the app, making it difficult to detect.

With the rise of "Bring Your Own Device" (BYOD) programmes, more enterprises are exposing themselves to risk via carefree employee mobile usage.

According to Trend Micro data, 82 per cent of businesses implement BYOD or allow employee personal devices for work-related functions.